Lawful Processing of Personal Data in the Private Sector

As stated by the European Union Agency for Network and Information Security (ENISA), “Our society more and more depends on the trustworthy functioning of the information and communication technologies”.

We trust in the private business. In our mobile operators, our bank, our health provider, the school of our kids, etc. with data about us and our family. Naively, in the beginning, we might have believed that the provision of the information is only for getting the service. True has been said, most of the operators use our data not only to record who it is customer, they also use it to for marketing purposes (sell you more products), for profiling (statistical purposes), for surveillance (video), etc. the same data is processed for different purposes and at a speed of light (internet) plus, like any other business, they want to keep it “low-cost” so they might outsource the service and hence transfer personal data to countries which most likely do not have the same EU protection measures.

Now, should be noted that marketing, profiling, surveillance or outsourcing are not illegal activities, what would be unlawful is to do it without complying the principles relating to data quality and the criteria set for making data processing legitimate as set out in the Law. The protection of our personal data, to freely decide to who, for what, when and until which extent our data can be processed is our human right, which should be highly respected as one of the core value of individuals living in a democratic society.

In that order of ideas, the protection of our personal data can not only remain in the Law; we all have to play and active role, as consumers, we should reasonable inform ourselves, about our right and ways to protect our data; as a controller and processor of personal data (private businesses), must ensure a lawfully processing of the customer’s personal data and the appropriate use of all the technological measures available to avoid unauthorised interference.

Do you have questions on the legitimate grounds to collect and process your data? Do not hesitate to leave a comment or write to me at jessica@talacka.com, to arrange a meeting.